From: SHARMA,MOHIT (HP-Germany,ex1) (mohit.sharma@hp.com)
Date: Mon Jul 07 2003 - 17:57:51 GMT-3
By default the maximum number of allowed secure addresses is 1. It is
configurable by
switchport port-security maximum <value>
-----Original Message-----
From: Danny.Andaluz@triaton-na.com [mailto:Danny.Andaluz@triaton-na.com]
Sent: Monday, July 07, 2003 10:52 PM
To: chenry@reuna.cl
Cc: ccielab@groupstudy.com
Subject: RE: port-security 3550
Yeah.  That's because you are specifying the MAC address.  Anyone, please
correct me if I'm wrong.
Danny
-----Original Message-----
From: Cristian Henry H [mailto:chenry@reuna.cl] 
Sent: Monday, July 07, 2003 4:52 PM
To: Andaluz, Danilo, Triaton/NA
Cc: ccielab@groupstudy.com
Subject: Re: port-security 3550
Look at this,
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address 0009.b7da.4140
!
With the configuration above, without configuring "maximum 1", it works as expected:
#sh port-security
Secure Port      MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)        (Count)      (Count)
-------------------------------------------------------------------------------
     Fa0/1           1               1             4             Protect
-------------------------------------------------------------------------------
Total Addresses in System : 1
Max Addresses limit in System : 128
#sh mac-address-table interface f0/1
          Mac Address Table
------------------------------------------
Vlan    Mac Address       Type       Ports
----    -----------       ----       -----
  10    0009.b7da.4140    STATIC     Fa0/1
Total Mac Addresses for this criterion: 1
Danny.Andaluz@triaton-na.com wrote:
> 
> Hello, Group.  Quick question on port security.
> 
> interface FastEthernet0/7
>  switchport port-security violation protect
> 
> r7---cat3550
> 
> Will the above config allow the port to only learn r7's MAC and none 
> other? Here's the requirement:
> 
> Configure the port attached to R7 to only learn 1 MAC address.  If 
> other devices are connected to this port, it should not be shut down, 
> but rather deny any communications from these new MACs.
> 
> I think the "protect" keyword prevents the port from being shut down.  
> I'm confused about the part where it only learns R7's MAC.  If another 
> device connects to this port, how does the switch know it's not R7?  
> I'm guessing it's dynamic, but is the above all that is needed as far 
> as configurations on the cat interface?  Shouldn't the command 
> "switchport port-security" be added as well?  I was looking at the Doc 
> CD, but it's not clear.  I'm finding conflicting info.
> 
> Thanks,
> Danny
-- 
Cristian E. Henry
REUNA
E-mail: chenry@reuna.cl
Fono: 56-2-3370336
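An added example, not part of the thread or any poster's code: a small Python check of the two interface stanzas quoted above against the stated requirement (learn one MAC, drop traffic from others, never shut the port down). The function names are hypothetical, and it assumes the IOS defaults of port security being off until the bare `switchport port-security` is entered, a maximum of 1, and violation mode shutdown.

```python
import re

# Interface stanzas copied from the thread above.
FA07_AS_ASKED = "interface FastEthernet0/7\n switchport port-security violation protect\n"
FA01_AS_POSTED = """interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address 0009.b7da.4140
!
"""

# Assumed defaults: feature off until enabled, maximum 1, violation mode shutdown.
DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown", "static_macs": ()}

def parse_port_security(config_text):
    """Return {interface: port-security settings} for each interface stanza."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = ports.setdefault(m.group(1), dict(DEFAULTS))
        elif line == "!":
            current = None  # end of the stanza
        elif current is not None and line.startswith("switchport port-security"):
            args = line.split()[2:]
            if not args:  # the bare command is what turns the feature on
                current["enabled"] = True
            elif args[0] == "maximum" and args[1:] and args[1].isdigit():
                current["maximum"] = int(args[1])
            elif args[0] == "violation" and args[1:]:
                current["violation"] = args[1]
            elif args[0] == "mac-address" and args[1:] and args[1] != "sticky":
                current["static_macs"] += (args[1].lower(),)
    return ports

def check_requirement(s):
    """List gaps against: learn 1 MAC only, drop others, never shut the port down."""
    gaps = []
    if not s["enabled"]:
        gaps.append("port security not enabled: bare 'switchport port-security' missing")
    if s["maximum"] != 1:
        gaps.append("maximum is %d, requirement is 1" % s["maximum"])
    if s["violation"] == "shutdown":
        gaps.append("violation mode shutdown would err-disable the port")
    return gaps
```

Calling `check_requirement` on each entry of `parse_port_security(FA07_AS_ASKED + FA01_AS_POSTED)` reports one gap for FastEthernet0/7 (feature not enabled) and none for FastEthernet0/1.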
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:27 GMT-3